Gov’t to put new cybersecurity measures in place for smart devices

As the number of devices grows, so does the level of security needed. The UK government is aiming to tackle this with a new initiative, but what is the tech sectors take on it?

The Government has announced new cybersecurity guidelines will need to be put in place to ensure smart devices are made safer.

Following a stream of cyber security breaches among Internet of Things (IoT) devices, the UK Government has said new cyber security guidelines are necessary to better protect users. The aim is to change the way devices are manufactured, as well as increasing the safety of individuals.

The government has predicted that each household across the UK has at least 10 internet connected devices, which is set to increase to 15 by 2020. With this increase of devices comes a bigger increase in security threats, meaning more must be done from a cybersecurity perspective. Recently, attacks have been carried out on various IoT devices such as smart watches, CCTV cameras and even children’s dolls.

The governments initiative has been developed alongside the National Cyber Security Centre (NCSC), and coincides with the new £1.9bn Cyber Security Strategy that is set to be implemented. Referred to as ‘Security by Design’ review, the government lays out plans to entwine security in the design process rather than bolted on separately.

Working with industry experts, the government will implement a new Code of Practice that will improve cyber security among internet-connected devices. However, the initiative aims to still ensure businesses are developing innovative solutions for the future.

The number of IoT devices increases, but security must do the same.

Practical steps have also been highlighted, such as password safety. Users are expected to ensure all new passwords for devices are unique and not resettable to factory settings, such as ‘admin’. Additionally sensitive data sent via apps must be encrypted, as well as software automatically updating products to ensure they have the latest security elements.

In addition to the measures for manufacturers, the government has proposed a product labelling scheme is brought in so that customers can be aware of security features before they buy the item.

“This is a positive and much needed step towards securing IoT devices. The guidelines being set out here attack some of the most important areas, although there is a need to go further to develop a trustworthy and lower risk IoT space,” James Lyne, Head of Research & Development at SANS Institute, said. “Enforcing the guidelines so that products can’t be sold in the UK without compliance is also a further step. All in all, this is a robust statement of position for IoT devices moving forwards and it is likely the government and regulators will seek to increase the teeth behind this in time.”

The use of IoT devices is becoming much more common across businesses and communities, for both pleasure and corporate reasons. Therefore, the security must be top notch to ensure the safety of the individual.

“The opportunities created by the Internet of Things are now becoming clear. It offers consumers and citizens greater empowerment and control over their lifestyles, from managing energy consumption at home to having peace of mind that a frail relative is going about their normal routine,” Julian David, CEO of TechUK, said. “However, these opportunities also bring risk and it is important that the IoT market now matures in a sensible and productive way, with security embedded at the design stage. Industry has been keen to engage in the review and demonstrate what is best practice.”

Passwords are one of the things worst for letting in hackers.

The technology sector firmly believes it is paramount to launch the initiative, to better product individuals and boost services.

Cisco’s Annual Security Report revealed that even following vulnerabilities in IoT devices being found companies only solved 17% of these issues, leaving 83% of devices left with vulnerabilities. The company believes the initiative is somewhat of a stepping stone to the final product most envision.

“This is only half the battle though. It’s not just about securing the end-points. Whilst the ‘Secure by Design’ initiative is a promising step in the right direction, we must not overlook the fundamental importance of securing our networks. If these innovations are to safely empower our lives it is fundamental that security is not an afterthought but embedded from the design phase,” Mark Weir, Director of Cyber Security at Cisco UK&I, said.

“It is encouraging to see the UK Government introducing compliance measures to ensure that connected devices are secure straight from the design room to minimise these types of problems. To ensure our nation collectively remains safe we must ensure that smart devices are connected to a network that is equally as secure end-to-end, providing full visibility to any threats as they emerge so that they can be contained and dealt with responsibly.”